Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,065 questions
Security Event 4733 help sentinel Log analytic work space
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 82%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMZ%3C/text%3E%3C/svg%3E)
Minghui Zou
186
Reputation points
Hi community experts!
I had trouble with the following issue. we have connected security events via OMS agent to Log analytic workspace. but we found something really interesting.
for security event log 4733, which is a user is removed from the AD, in the event viewer you can see the account name that is being removed! but in the LAW
we can not see the account that is being removed. we belived we have found similar issue.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 2%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETN%3C/text%3E%3C/svg%3E)
Thuan Nguyen 1 Reputation point2021-12-19T06:24:41.11+00:00 I have tried in my environment and still see everything. Could you elaborate? What is missing from the event log in Log Analytics Workspace. In my environment I can see details of event 4733.
Sign in to comment